Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.I am having an odd situation with access control. When you enable userpoints, you have 2 options in the access control: administer and view.
On my site, I have a role called 'CUSTOMER' whereby they have access to view points through the access control.
When the customer is logged in, they can go to MY POINTS and they can view just fine. However, they can also go to admin/user/userpoints and see all the points listed for all the users.
I checked the access control settings for role=CUSTOMER and they don't have access to administer, and they don't have access to administration pages. So, why would it allow them access to see all users points?
Thanks for any light you can shed on this.
Comments
Comment #1
jredding commentedThe view userpoints permission gives the person the ability to view all userpoints. A new permission was added to version 6; "view own userpoints".
Comment #2
ycimlynn commentedIt always happens that when you search around, you can't find what your looking for, but as soon as you post something, you find the thread that matters :( This was raised already http://drupal.org/node/172271.
However, I am running version 3 and it is still an issue. Also, that posting is dated (from 2007), so maybe raising it again will have fresh answers!
Comment #3
ycimlynn commentedIs there any plans in the works to have that option available for version 5? Or is there a simple patch? (I am a bit familiar with PHP, but am not a coder).
Comment #4
jredding commentedCheck out some minor new functionality added to version 5 in the dev. I have no plans at the moment to work on adding the functionality into version 5 as my project has moved to 6 and I simply don't have the free time to commit to it.
I don't recall it being that big of a change if you have some time to put towards writing a patch.
Comment #5
ycimlynn commentedThank you.
I wish I was a coder to help out with this. It is a great module...